

<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="../">
<head>
  <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <title>Active recon &mdash; IVRE  documentation</title>
      <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=80d5e7a1" />
      <link rel="stylesheet" type="text/css" href="../_static/css/theme.css?v=e59714d7" />
      <link rel="stylesheet" type="text/css" href="../_static/graphviz.css?v=4ae1632d" />

  
      <script src="../_static/jquery.js?v=5d32c60e"></script>
      <script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
      <script src="../_static/documentation_options.js?v=5929fcd5"></script>
      <script src="../_static/doctools.js?v=9bcbadda"></script>
      <script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
    <script src="../_static/js/theme.js"></script>
    <link rel="index" title="Index" href="../genindex.html" />
    <link rel="search" title="Search" href="../search.html" />
    <link rel="next" title="Passive" href="passive.html" />
    <link rel="prev" title="Some use cases" href="use-cases.html" /> 
</head>

<body class="wy-body-for-nav"> 
  <div class="wy-grid-for-nav">
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search" >

          
          
          <a href="../index.html" class="icon icon-home">
            IVRE
              <img src="../_static/logo.png" class="logo" alt="Logo"/>
          </a>
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
    <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>
        </div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
              <ul>
<li class="toctree-l1"><a class="reference internal" href="../overview/index.html">Overview</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../install/index.html">Installation</a></li>
</ul>
<ul class="current">
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Usage</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="use-cases.html">Some use cases</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">Active recon</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#scanning">Scanning</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#with-nmap-masscan-or-zgrab2">With Nmap, Masscan or Zgrab2</a></li>
<li class="toctree-l4"><a class="reference internal" href="#with-ivre">With IVRE</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#enjoying-the-results">Enjoying the results</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#cli">CLI</a></li>
<li class="toctree-l4"><a class="reference internal" href="#python-module">Python module</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="passive.html">Passive</a></li>
<li class="toctree-l2"><a class="reference internal" href="flow.html">Flow</a></li>
<li class="toctree-l2"><a class="reference internal" href="web-ui.html">Web User Interface</a></li>
<li class="toctree-l2"><a class="reference internal" href="kibana.html">IVRE with Kibana</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../dev/index.html">Development</a></li>
</ul>
<p class="caption" role="heading"><span class="caption-text">Licenses:</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../license.html">IVRE: GPL v3</a></li>
<li class="toctree-l1"><a class="reference internal" href="../license-external.html">Licenses for external files</a></li>
</ul>

        </div>
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../index.html">IVRE</a>
      </nav>

      <div class="wy-nav-content">
        <div class="rst-content">
          <div role="navigation" aria-label="Page navigation">
  <ul class="wy-breadcrumbs">
      <li><a href="../index.html" class="icon icon-home" aria-label="Home"></a></li>
          <li class="breadcrumb-item"><a href="index.html">Usage</a></li>
      <li class="breadcrumb-item active">Active recon</li>
      <li class="wy-breadcrumbs-aside">
            <a href="../_sources/usage/active-recon.rst.txt" rel="nofollow"> View page source</a>
      </li>
  </ul>
  <hr/>
</div>
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
             
  <section id="active-recon">
<h1>Active recon<a class="headerlink" href="#active-recon" title="Link to this heading"></a></h1>
<section id="scanning">
<h2>Scanning<a class="headerlink" href="#scanning" title="Link to this heading"></a></h2>
<section id="with-nmap-masscan-or-zgrab2">
<h3>With Nmap, Masscan or Zgrab2<a class="headerlink" href="#with-nmap-masscan-or-zgrab2" title="Link to this heading"></a></h3>
<p>You can use network scanners directly:</p>
<ul class="simple">
<li><p><a class="reference external" href="http://nmap.org/">Nmap</a></p></li>
<li><p><a class="reference external" href="https://github.com/robertdavidgraham/masscan/">Masscan</a></p></li>
<li><p><a class="reference external" href="https://zmap.io/">Zgrab2</a> (<code class="docutils literal notranslate"><span class="pre">http</span></code> and <code class="docutils literal notranslate"><span class="pre">jarm</span></code> commands)</p></li>
<li><p><a class="reference external" href="https://github.com/zmap/zdns">ZDNS</a></p></li>
<li><p><a class="reference external" href="https://github.com/projectdiscovery/nuclei">Nuclei</a></p></li>
<li><p><a class="reference external" href="https://github.com/projectdiscovery/httpx">httpx</a></p></li>
<li><p><a class="reference external" href="https://github.com/projectdiscovery/tlsx">tlsx</a></p></li>
<li><p><a class="reference external" href="https://github.com/projectdiscovery/dnsx">dnsx</a></p></li>
<li><p><a class="reference external" href="https://github.com/zhzyker/dismap/">Dismap</a></p></li>
</ul>
<p>IVRE can insert XML output files for Nmap and Masscan, and JSON output
files for the other tools, using the command line tool <code class="docutils literal notranslate"><span class="pre">ivre</span>
<span class="pre">scan2db</span></code>.</p>
<p>You can insert scan results from different tools, then use <code class="docutils literal notranslate"><span class="pre">ivre</span>
<span class="pre">db2view</span> <span class="pre">nmap</span></code> to merge results from different scans and create a view
you can explore with the the <a class="reference internal" href="web-ui.html#web-user-interface"><span class="std std-ref">Web User Interface</span></a>,
the <code class="docutils literal notranslate"><span class="pre">ivre</span> <span class="pre">view</span></code> command line tool or the Python API
(<code class="docutils literal notranslate"><span class="pre">ivre.db.db.view.*</span></code>).</p>
</section>
<section id="with-ivre">
<h3>With IVRE<a class="headerlink" href="#with-ivre" title="Link to this heading"></a></h3>
<p>Masscan does not provide results as complete as Nmap, when using the
“interesting” options (for example, <code class="docutils literal notranslate"><span class="pre">-vv</span> <span class="pre">-A</span></code>) or scripts. That being
said, Nmap (with such “interesting” options) cannot run efficiently
against huge networks.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">ivre</span> <span class="pre">runscans</span></code> tool can run one Nmap process per target (option
<code class="docutils literal notranslate"><span class="pre">--output=XMLFork</span></code>). This should be less efficient in theory,
because Nmap supposedly knows better how to handle the host and
network resources, but in practice it is much more efficient. You can
adjust how many Nmap processes you want to run in parallel using the
<code class="docutils literal notranslate"><span class="pre">--processes</span> <span class="pre">N</span></code> option.</p>
<p>Another advantage of using <code class="docutils literal notranslate"><span class="pre">ivre</span> <span class="pre">runscans</span> <span class="pre">--output=XMLFork</span></code> over
using Nmap directly is that <code class="docutils literal notranslate"><span class="pre">ivre</span> <span class="pre">runscans</span></code> produces output files as
soon as each host has been scanned (in the <code class="docutils literal notranslate"><span class="pre">scans/*/up</span></code> directory).</p>
<p>Here is a simple example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo ivre runscans --routable --limit 1000 --output=XMLFork
</pre></div>
</div>
<p>This will run a standard scan against 1000 random hosts on the Internet
by running 30 nmap processes in parallel. See the output of
<code class="docutils literal notranslate"><span class="pre">ivre</span> <span class="pre">help</span> <span class="pre">runscans</span></code> if you want to do something else.</p>
<p>When it’s over, to import the results in the database and create a
view from them, run (<code class="docutils literal notranslate"><span class="pre">ROUTABLE-001</span></code> is the category name, and
<code class="docutils literal notranslate"><span class="pre">MySource</span></code> is the source name, usually referencing the machine used
to run the scan):</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ ivre scan2db -c ROUTABLE-001 -s MySource -r scans/ROUTABLE/up
$ ivre db2view nmap
</pre></div>
</div>
</section>
</section>
<section id="enjoying-the-results">
<h2>Enjoying the results<a class="headerlink" href="#enjoying-the-results" title="Link to this heading"></a></h2>
<p>You have several options, depending on what you want to do:</p>
<ul class="simple">
<li><p>Command line interfaces: the <code class="docutils literal notranslate"><span class="pre">ivre</span> <span class="pre">scancli</span></code> tool.</p></li>
<li><p>Python API: use the <code class="docutils literal notranslate"><span class="pre">db.nmap</span></code> object of the <code class="docutils literal notranslate"><span class="pre">ivre.db</span></code> module.</p></li>
<li><p>Web API: <code class="docutils literal notranslate"><span class="pre">/cgi/scans</span></code>.</p></li>
</ul>
<p>If you want to combine several tools, for example Masscan and Nuclei
results, you need to use a view: run <code class="docutils literal notranslate"><span class="pre">ivre</span> <span class="pre">db2view</span> <span class="pre">nmap</span></code> to create
or update a view from the scan data, that can then be accessed by the
<code class="docutils literal notranslate"><span class="pre">view</span></code> purpose (see <a class="reference internal" href="../overview/principles.html#purposes"><span class="std std-ref">Purposes</span></a>), which
includes the <a class="reference internal" href="web-ui.html#web-user-interface"><span class="std std-ref">Web User Interface</span></a>.</p>
<section id="cli">
<h3>CLI<a class="headerlink" href="#cli" title="Link to this heading"></a></h3>
<p>To get all the hosts with the port 22 open:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ ivre scancli --port 22
</pre></div>
</div>
<p>See the output of <code class="docutils literal notranslate"><span class="pre">ivre</span> <span class="pre">help</span> <span class="pre">scancli</span></code>.</p>
</section>
<section id="python-module">
<h3>Python module<a class="headerlink" href="#python-module" title="Link to this heading"></a></h3>
<p>To use the Python module, run for example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ python
&gt;&gt;&gt; from ivre.db import db
&gt;&gt;&gt; db.nmap.get(db.nmap.flt_empty)[0]
</pre></div>
</div>
<p>For more, run <code class="docutils literal notranslate"><span class="pre">help(db.nmap)</span></code> from the Python shell.</p>
</section>
</section>
</section>


           </div>
          </div>
          <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
        <a href="use-cases.html" class="btn btn-neutral float-left" title="Some use cases" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
        <a href="passive.html" class="btn btn-neutral float-right" title="Passive" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>&#169; Copyright 2011 - 2025, Pierre LALET.</p>
  </div>

  Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
    <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
    provided by <a href="https://readthedocs.org">Read the Docs</a>.
   

</footer>
        </div>
      </div>
    </section>
  </div>
  <script>
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script> 

</body>
</html>